From 1075efabc73ef9e890fdb7a53b15cabf467c6a9b Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Mon, 26 Dec 2011 12:13:21 +1100
Subject: s3-auth Add TALLOC_CTX * to auth_generic_prepare()

This makes the long term owner of this memory more clear.  So far only the
clear cases have been moved from NULL however.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
---
 source3/auth/auth_generic.c              |  5 +++--
 source3/auth/proto.h                     |  2 +-
 source3/rpc_server/dcesrv_auth_generic.c |  4 ++--
 source3/smbd/negprot.c                   |  3 ++-
 source3/smbd/seal.c                      |  2 +-
 source3/smbd/sesssetup.c                 |  6 +++---
 source3/smbd/smb2_sesssetup.c            | 13 +++----------
 7 files changed, 15 insertions(+), 20 deletions(-)

(limited to 'source3')

diff --git a/source3/auth/auth_generic.c b/source3/auth/auth_generic.c
index 9b65f24e73..34a499895e 100644
--- a/source3/auth/auth_generic.c
+++ b/source3/auth/auth_generic.c
@@ -31,14 +31,15 @@
 #include "librpc/rpc/dcerpc.h"
 #include "lib/param/param.h"
 
-NTSTATUS auth_generic_prepare(const struct tsocket_address *remote_address,
+NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx,
+			      const struct tsocket_address *remote_address,
 			      struct auth_generic_state **auth_ntlmssp_state)
 {
 	struct auth_context *auth_context;
 	struct auth_generic_state *ans;
 	NTSTATUS nt_status;
 
-	ans = talloc_zero(NULL, struct auth_generic_state);
+	ans = talloc_zero(mem_ctx, struct auth_generic_state);
 	if (!ans) {
 		DEBUG(0,("auth_ntlmssp_start: talloc failed!\n"));
 		return NT_STATUS_NO_MEMORY;
diff --git a/source3/auth/proto.h b/source3/auth/proto.h
index 074da79a05..31271da3e5 100644
--- a/source3/auth/proto.h
+++ b/source3/auth/proto.h
@@ -69,7 +69,7 @@ NTSTATUS auth_netlogond_init(void);
 
 /* The following definitions come from auth/auth_ntlmssp.c  */
 
-NTSTATUS auth_generic_prepare(const struct tsocket_address *remote_address,
+NTSTATUS auth_generic_prepare(TALLOC_CTX *mem_ctx, const struct tsocket_address *remote_address,
 			      struct auth_generic_state **auth_ntlmssp_state);
 NTSTATUS auth_generic_start(struct auth_generic_state *auth_ntlmssp_state, const char *oid);
 NTSTATUS auth_generic_authtype_start(struct auth_generic_state *auth_ntlmssp_state, 
diff --git a/source3/rpc_server/dcesrv_auth_generic.c b/source3/rpc_server/dcesrv_auth_generic.c
index 73737c24b7..dee3c16ca3 100644
--- a/source3/rpc_server/dcesrv_auth_generic.c
+++ b/source3/rpc_server/dcesrv_auth_generic.c
@@ -38,7 +38,7 @@ NTSTATUS auth_generic_server_start(TALLOC_CTX *mem_ctx,
 	struct auth_generic_state *a = NULL;
 	NTSTATUS status;
 
-	status = auth_generic_prepare(remote_address, &a);
+	status = auth_generic_prepare(talloc_tos(), remote_address, &a);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(0, (__location__ ": auth_generic_prepare failed: %s\n",
 			  nt_errstr(status)));
@@ -92,7 +92,7 @@ NTSTATUS auth_generic_server_authtype_start(TALLOC_CTX *mem_ctx,
 	struct auth_generic_state *a = NULL;
 	NTSTATUS status;
 
-	status = auth_generic_prepare(remote_address, &a);
+	status = auth_generic_prepare(talloc_tos(), remote_address, &a);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(0, (__location__ ": auth_generic_prepare failed: %s\n",
 			  nt_errstr(status)));
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index 2076b094a3..0a06e4a3d7 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -204,7 +204,8 @@ DATA_BLOB negprot_spnego(TALLOC_CTX *ctx, struct smbd_server_connection *sconn)
 	sconn->use_gensec_hook = false;
 
 	/* See if we can get an SPNEGO blob out of the gensec hook (if auth_samba4 is loaded) */
-	status = auth_generic_prepare(sconn->remote_address,
+	status = auth_generic_prepare(talloc_tos(),
+				      sconn->remote_address,
 				      &auth_ntlmssp_state);
 	if (NT_STATUS_IS_OK(status)) {
 		status = auth_generic_start(auth_ntlmssp_state, GENSEC_OID_SPNEGO);
diff --git a/source3/smbd/seal.c b/source3/smbd/seal.c
index be5f9506d0..a609a3bad3 100644
--- a/source3/smbd/seal.c
+++ b/source3/smbd/seal.c
@@ -80,7 +80,7 @@ static NTSTATUS make_auth_ntlmssp(const struct tsocket_address *remote_address,
 				  struct smb_trans_enc_state *es)
 {
 	struct auth_generic_state *auth_ntlmssp_state;
-	NTSTATUS status = auth_generic_prepare(remote_address,
+	NTSTATUS status = auth_generic_prepare(NULL, remote_address,
 					       &auth_ntlmssp_state);
 	if (!NT_STATUS_IS_OK(status)) {
 		return nt_status_squash(status);
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 04783a4fcd..a15afd5e35 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -625,7 +625,7 @@ static void reply_spnego_negotiate(struct smb_request *req,
 		return;
 	}
 
-	status = auth_generic_prepare(sconn->remote_address,
+	status = auth_generic_prepare(NULL, sconn->remote_address,
 				      auth_ntlmssp_state);
 	if (!NT_STATUS_IS_OK(status)) {
 		/* Kill the intermediate vuid */
@@ -737,7 +737,7 @@ static void reply_spnego_auth(struct smb_request *req,
 	data_blob_free(&secblob);
 
 	if (!*auth_ntlmssp_state) {
-		status = auth_generic_prepare(sconn->remote_address,
+		status = auth_generic_prepare(NULL, sconn->remote_address,
 					      auth_ntlmssp_state);
 		if (!NT_STATUS_IS_OK(status)) {
 			/* Kill the intermediate vuid */
@@ -1145,7 +1145,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req)
 		DATA_BLOB chal;
 
 		if (!vuser->auth_ntlmssp_state) {
-			status = auth_generic_prepare(sconn->remote_address,
+			status = auth_generic_prepare(vuser, sconn->remote_address,
 						      &vuser->auth_ntlmssp_state);
 			if (!NT_STATUS_IS_OK(status)) {
 				/* Kill the intermediate vuid */
diff --git a/source3/smbd/smb2_sesssetup.c b/source3/smbd/smb2_sesssetup.c
index e5765dda55..0a9edbc273 100644
--- a/source3/smbd/smb2_sesssetup.c
+++ b/source3/smbd/smb2_sesssetup.c
@@ -375,7 +375,7 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session,
 		status = NT_STATUS_MORE_PROCESSING_REQUIRED;
 	} else {
 		/* Fall back to NTLMSSP. */
-		status = auth_generic_prepare(session->sconn->remote_address,
+		status = auth_generic_prepare(session, session->sconn->remote_address,
 					    &session->auth_ntlmssp_state);
 		if (!NT_STATUS_IS_OK(status)) {
 			goto out;
@@ -418,7 +418,6 @@ static NTSTATUS smbd_smb2_spnego_negotiate(struct smbd_smb2_session *session,
 	if (!NT_STATUS_IS_OK(status) &&
 			!NT_STATUS_EQUAL(status,
 				NT_STATUS_MORE_PROCESSING_REQUIRED)) {
-		TALLOC_FREE(session->auth_ntlmssp_state);
 		TALLOC_FREE(session);
 	}
 	return status;
@@ -451,7 +450,6 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
 
 	session->compat_vuser = talloc_zero(session, user_struct);
 	if (session->compat_vuser == NULL) {
-		TALLOC_FREE(session->auth_ntlmssp_state);
 		TALLOC_FREE(session);
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -471,7 +469,6 @@ static NTSTATUS smbd_smb2_common_ntlmssp_auth_return(struct smbd_smb2_session *s
 		DEBUG(1, ("smb2: Failed to claim session "
 			"for vuid=%d\n",
 			session->compat_vuser->vuid));
-		TALLOC_FREE(session->auth_ntlmssp_state);
 		TALLOC_FREE(session);
 		return NT_STATUS_LOGON_FAILURE;
 	}
@@ -564,7 +561,7 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session,
 	}
 
 	if (session->auth_ntlmssp_state == NULL) {
-		status = auth_generic_prepare(session->sconn->remote_address,
+		status = auth_generic_prepare(session, session->sconn->remote_address,
 					    &session->auth_ntlmssp_state);
 		if (!NT_STATUS_IS_OK(status)) {
 			data_blob_free(&auth);
@@ -596,7 +593,6 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session,
 
 	if (!NT_STATUS_IS_OK(status) &&
 			!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
-		TALLOC_FREE(session->auth_ntlmssp_state);
 		data_blob_free(&auth);
 		TALLOC_FREE(session);
 		return status;
@@ -608,7 +604,6 @@ static NTSTATUS smbd_smb2_spnego_auth(struct smbd_smb2_session *session,
 				&auth_out, status, NULL);
 
 	if (out_security_buffer->data == NULL) {
-		TALLOC_FREE(session->auth_ntlmssp_state);
 		TALLOC_FREE(session);
 		return NT_STATUS_NO_MEMORY;
 	}
@@ -641,7 +636,7 @@ static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session,
 	*out_security_buffer = data_blob_null;
 
 	if (session->auth_ntlmssp_state == NULL) {
-		status = auth_generic_prepare(session->sconn->remote_address,
+		status = auth_generic_prepare(session, session->sconn->remote_address,
 					    &session->auth_ntlmssp_state);
 		if (!NT_STATUS_IS_OK(status)) {
 			TALLOC_FREE(session);
@@ -677,7 +672,6 @@ static NTSTATUS smbd_smb2_raw_ntlmssp_auth(struct smbd_smb2_session *session,
 				     &session->session_info);
 
 	if (!NT_STATUS_IS_OK(status)) {
-		TALLOC_FREE(session->auth_ntlmssp_state);
 		TALLOC_FREE(session);
 		return status;
 	}
@@ -782,7 +776,6 @@ static NTSTATUS smbd_smb2_session_setup(struct smbd_smb2_request *smb2req,
 	/* Unknown packet type. */
 	DEBUG(1,("Unknown packet type %u in smb2 sessionsetup\n",
 		(unsigned int)in_security_buffer.data[0] ));
-	TALLOC_FREE(session->auth_ntlmssp_state);
 	TALLOC_FREE(session);
 	return NT_STATUS_LOGON_FAILURE;
 }
-- 
cgit